I don't agree with the conclusion that it's because it's peer-to-peer. that's not why -- it's because of lazy developer methods and a lower prioritization of security effort.
the biggest genuine effort that Rockstar puts into anti-cheat effort is an occassional memory-structure shuffle to kick sand into cheat-engine users eyes, and the occassional honey-pot that bans a few hundred people -- and these efforts come after begging Rockstar for years to do something, and the most it accomplishes is selling additional copies of the already dirt-cheap game.
These ban cycles and 'enforced ignorance' to the problem nets them more profit than it would otherwise; disenchanted players play less, reducing infrastructure costs -- and banned players buy another 2 dollar copy of the game -- but it kills user experience outside of single player entirely.
They don't care. I get it, but it sucks -- and it's not some GTA6 thing, they never cared.
Don't give them ideas ;) You either get a small loan of a billion dollars from a friendly cheater, or they try to bleed your wallet dry with Shark Cards. Rockstar are incapable of coming up with a balanced and rewarding progression system because it's in direct conflict with their financial goals.
I opened it up recently and my money was back to normal. I imagine I did something that got me detected. In all honesty, it was a blessing, because I realized I was only playing the game for the addictive grind and I didn't enjoy the game itself. The online mode is like a second job, and it's exacerbated by the highest rewards being specifically designed to grief new players. Rocket bikes with car seeking missiles really killed the game for me
https://www.polygon.com/23828445/gta-5-mods-roleplay-red-dea...
Maybe they'll do the same as mojang did with bukkit, and leave it out to dry...
Game devs vehemently deny this but there are games out there with perverse incentives for the game devs regarding cheaters. Escape From Tarkov is another game that is losing many players to the cheater issue while the devs drag their feet addressing the problem, or any problem in that game really. Why would they? Once the devs have legitimate players' money, them playing the game is just costing them money by paying for servers. Banning enough cheaters just frequently enough to buy another copy is how they get recurring revenue. As much as I hate the subscription model taking over everything I think if it was used in games like Tarkov it would be a much better game because it would align incentives to keep players engaged. On the other hand that would probably come with a bunch of dark patterns.
I have a personal conspiracy that Tarkov kept making the early game for new players harder and more insufferable while making the game more easy after you have grinded long enough, (for people like streamers who basically are the advertising) was a decision to get people excited to buy the game watching streamers with their far better experience, then shortly quit by making their experience insufferable.
I stopped playing when some cheater impersonated me in the game chat and then crashed my game, after I insulted them (mostly out of curiosity to see what else their cheats can do). It's just so far beyond what happens with cheats in other online games. I've also heard of people being followed by cheaters across game sessions and being DDOSed.
The only thing that's similarly bad to the cheats in GTA Online is (the original) Modern Warfare 2 which has had RCEs.
I know XSS is dying due to CORS and DLL injection is mooted by ALSR, that API's are usually authenticated and authorized, but damn...
I wish there was a more collective place to showcase modern exploits, they just hit nice in the feelies.
CORS isn't related to XSS. CORS actually isn't a security protection at all. It's a way for web apps to explicitly disable standard protections that browsers apply to enforce same origin policy.
You might be thinking of Content Security Policy (CSP).[0] That's the most effective protection I'm aware of for XSS, but it's not very widely used because so few JavaScript libraries are compatible with it.
>so few JavaScript libraries are compatible with it.
is this because of the 'eval' function specifically, or is there other reasons?
I see why; in return to libc, which is prevented by ASLR, you are injecting the control of flow into the middle of a DLL(that DLL is libc). The terminology is a little confusing.
I do wonder if there are statistics on how many of the attempts at creating micro transaction economies fail though. I hope it’s high. I feel like it has to be, but I guess at the same time it’s a question of as long as game sales recoup development costs any micro transaction stuff just needs to cover server and admin costs and then the rest is all profit. But I feel like so many studios go in hoping to recreate Fortnite, Roblox, or gta V and that’s just so unlikely.
“amountt: $('#transferval').val()”
But great dive into FiveM! Had no idea it came bundled with Vue.
And this is also our fault, e.g. due to the explosion of dependency hell in npm libraries.
This is probably the best intro to modern supply chain attacks and detection techniques, just shared with my team this week:
(edit: removed youtube tracking)
